/*
   Unix SMB/CIFS implementation.

   Kerberos utility functions

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "krb5_samba.h"
#include "librpc/gen_ndr/netlogon.h"

/*
 * Return Samba's fixed list of Kerberos encryption types, terminated by 0.
 *
 * The array has static storage: the caller must neither free nor modify it.
 *
 * The list still carries the single-DES types and RC4-HMAC, which RFC 6649
 * and RFC 8429 deprecate.  A caller that uses it to decide what to offer or
 * accept should filter it against local policy first.
 * NOTE(review): whether callers read the order as a preference is not
 * visible from this file; the DES entries come first.
 */
const krb5_enctype *samba_all_enctypes(void)
{
	/* TODO: Find a way not to have to use a fixed list */
	static const krb5_enctype all_enctypes[] = {
		ENCTYPE_DES_CBC_CRC,
		ENCTYPE_DES_CBC_MD5,
		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
		ENCTYPE_ARCFOUR_HMAC,
		0
	};

	return all_enctypes;
}

/*
 * Translate an IETF encryption type value into the matching Microsoft
 * msDS-SupportedEncryptionTypes bit.
 *
 * Returns 0 when the enctype has no entry in the table below, so a caller
 * that ORs the results together gets no bit for an unknown enctype.
 */
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
{
	static const struct {
		krb5_enctype ietf;
		uint32_t ms_bit;
	} enctype_map[] = {
		{ ENCTYPE_DES_CBC_CRC, ENC_CRC32 },
		{ ENCTYPE_DES_CBC_MD5, ENC_RSA_MD5 },
		{ ENCTYPE_ARCFOUR_HMAC, ENC_RC4_HMAC_MD5 },
		{ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENC_HMAC_SHA1_96_AES128 },
		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENC_HMAC_SHA1_96_AES256 },
	};
	const size_t num_entries = sizeof(enctype_map) / sizeof(enctype_map[0]);
	size_t idx;

	for (idx = 0; idx < num_entries; idx++) {
		if (enctype_map[idx].ietf == enc_type_enum) {
			return enctype_map[idx].ms_bit;
		}
	}

	/* No msDS-SupportedEncryptionTypes bit for this enctype. */
	return 0;
}

/*
 * Translate one Microsoft msDS-SupportedEncryptionTypes value into the
 * matching IETF encryption type value.
 *
 * The argument is matched by exact value, so a mask that combines several
 * ENC_* values, or a value with no entry in the table, yields 0.
 */
krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
{
	static const struct {
		uint32_t ms_bit;
		krb5_enctype ietf;
	} suptype_map[] = {
		{ ENC_CRC32, ENCTYPE_DES_CBC_CRC },
		{ ENC_RSA_MD5, ENCTYPE_DES_CBC_MD5 },
		{ ENC_RC4_HMAC_MD5, ENCTYPE_ARCFOUR_HMAC },
		{ ENC_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96 },
		{ ENC_HMAC_SHA1_96_AES256, ENCTYPE_AES256_CTS_HMAC_SHA1_96 },
	};
	const size_t num_entries = sizeof(suptype_map) / sizeof(suptype_map[0]);
	size_t idx;

	for (idx = 0; idx < num_entries; idx++) {
		if (suptype_map[idx].ms_bit == enctype_bitmap) {
			return suptype_map[idx].ietf;
		}
	}

	/* Not a value this table knows how to translate. */
	return 0;
}

/*
 * Expand an msDS-SupportedEncryptionTypes bitmap into a 0-terminated array
 * of krb5_enctype values.
 *
 * mem_ctx:        talloc context the array is allocated on
 * enctype_bitmap: bitmap to expand
 * enctypes:       receives the array; set to NULL when allocation fails
 *
 * Returns 0 on success and ENOMEM when the array cannot be allocated.
 *
 * Bits are visited from the most significant down, so the output order
 * follows descending bit position.  Bits that do not translate are dropped
 * without an error, which means a bitmap holding only such bits produces an
 * empty list (just the terminator) together with a return value of 0.
 * NOTE(review): callers should confirm they treat an empty list as "no
 * usable enctype" and not as "no restriction".
 */
krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
					     uint32_t enctype_bitmap,
					     krb5_enctype **enctypes)
{
	const size_t num_bits = 8 * sizeof(enctype_bitmap);
	krb5_enctype *list = NULL;
	size_t count = 0;
	size_t bit;

	/* One slot per possible bit plus one for the terminator. */
	list = talloc_zero_array(mem_ctx, krb5_enctype, num_bits + 1);
	*enctypes = list;
	if (list == NULL) {
		return ENOMEM;
	}

	/* Count down from the top bit to bit 0. */
	for (bit = num_bits; bit-- > 0; ) {
		uint32_t mask = (1U << bit) & enctype_bitmap;
		krb5_enctype etype;

		if (mask == 0) {
			continue;
		}

		etype = ms_suptype_to_ietf_enctype(mask);
		if (etype != 0) {
			/* Only translated bits take up a slot. */
			list[count++] = etype;
		}
	}

	list[count] = 0;
	return 0;
}